Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Lamer.CC

Trojan.Lamer.CC

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 6,040
Threat Level: 80 % (High)
Infected Computers: 484
First Seen: May 30, 2021
Last Seen: April 6, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.Lamer.CC
Signature status: No Signature

Known Samples

MD5: fdf516953f0c4aaccfcf6efe5966e8a7
SHA1: f4fa918ab30b10f3524475995179832423e7f13d
SHA256: C86E1645E57D9290297D0590ADE305623F411BCF77D59B2F2A3AF5FE8B80B7B1
File Size: 56.32 KB, 56320 bytes
MD5: 117f0e8c2ff50376f158c3b8c9262832
SHA1: fc8261b2ef401e508dc507719c67c413490cc607
SHA256: 4375B598A816B7FB4759CA64240DC61CDFE4B4CAA08AAA9BA92BB6A3789D5C68
File Size: 198.14 KB, 198144 bytes
MD5: 7d220902c2349f03c5684f98f4100740
SHA1: 96942312d6f450d4e2a16875bd4ef218ddc9c7a2
SHA256: 923221F55AD221686C3DFA652F37AC56051F52FBAD3017F07AFC7BA5276B34BB
File Size: 296.96 KB, 296960 bytes
MD5: 4fafcd2596c0466a539102b33956ecea
SHA1: c07fd0129cf76fade44def42bdaec29cc1f7ab1d
SHA256: 4E4753FF45BDA02380DED6921A6073E985E4E59A66A59CE802D483CD3313AFAC
File Size: 3.02 MB, 3015261 bytes
MD5: 47030193ac8b58b3ef80b1ed71695677
SHA1: 69021b3ce627ca38a6df4852299ac437e9fb95ec
SHA256: C8EB268E115C898BFD18DAE7C39AD2C373CFC0ECA68563BA4B1CB4F65D8D8222
File Size: 37.89 KB, 37888 bytes
Show More
MD5: 6a3fed0375fac55524fb8d725ddb4d90
SHA1: e0b952d1244058b36113b0d99193c6e677e627ac
SHA256: 0BB9FE40490DE75116C1F7D20CF9B861A66692A2F289D294E964C37458805C8B
File Size: 25.09 KB, 25088 bytes
MD5: 85fdfd3ab1ea2dad13e609c807f55124
SHA1: 8dfc66aceec9992effd43b01d5b508b522ae7c3d
SHA256: 78E19DF5B0C4A94644599F8832CCAB6C8D579CEFF6894024C264B87464495B31
File Size: 1.87 MB, 1866752 bytes
MD5: df50379b533f8b7508e57bdb3b1c7bdd
SHA1: 3ff28e199e0f47433c1d89cf999be0f7df6cbaca
SHA256: 8A1F06CFC4FC98456BC2E2247DD14B156F41D4CF147673C12CA3AA7FD8FBE045
File Size: 30.21 KB, 30208 bytes
MD5: 67ccb814c7973bc2c16c2f35ead006b8
SHA1: 7f82a5f4f1fdca82ac88e170955d36f135422bb1
SHA256: 189EB06D49A2FB771014A7E249CE3F12D4602CB1CE0626F67841A929CD587CD3
File Size: 127.49 KB, 127488 bytes
MD5: 842ed84766964cfeb51319597c9a1f54
SHA1: 1e60b88c4a93e63c02826c3b13017affa0f317ce
SHA256: E05D4516E1D60E07F7B0E3164182A1438363047BB1856234B94E3850BABE22E0
File Size: 163.33 KB, 163328 bytes
MD5: 8b66b463f49d000d244d3cb7f08ee297
SHA1: 57efd1aeb1c086fc1615a475ef60e29c260bc517
SHA256: 2105000BC5D751A2CF1CD4BB0826B4BC174065440510E8CEACF78AEFA492F406
File Size: 25.60 KB, 25600 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is 32-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
Show More
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Show More

Windows PE Version Information

Name Value
Company Name
  • ATENOR B.M. S.L.
  • By L00gh@nJC... 2014
  • grandesjuegosclasicos
  • Oussama Gravure CD-DVD
  • TT
File Description
  • Activate Maps,Voices, Speedcams & Fuel prices. Patch Navcore & HOME. Check current meta code. Update QuickGPSfix
  • BY PORTAL PORTABLES BRASIL
  • GiNi4EveR
  • Juego portable de NDS para Windows
File Version
  • 1.00
  • 01,09,2016,1800
  • 1,0,0,0
Internal Name
  • FastActivate
  • http://www.OussamaDvD.tk
  • TJprojMain
Legal Copyright
  • 2012 - 2013 (c)
  • TT
Original Filename TJprojMain.exe
Product Name
  • FastActivate
  • http://www.OussamaDvD.tk
  • Project1
Product Version
  • 1.00
  • 01,09,2016,1800
  • 1,0,0,0

File Traits

  • 2+ executable sections
  • HighEntropy
  • MPRESS
  • MPRESS Win32
  • Native MPRESS x86
  • No Version Info
  • packed
  • x86

Block Information

Total Blocks: 6
Potentially Malicious Blocks: 0
Whitelisted Blocks: 3
Unknown Blocks: 3

Visual Map

? 0 0 0 ? ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • AutoHotkey.A
  • Bitcoinminer.R
  • CoinMiner.BB
  • Emotet.AAJ
  • Emotet.AAL
Show More
  • Kryptik.FHE
  • MPRESS Packer
  • Strictor.A
  • Tofsee.BP
  • Upatre.WIA

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
c:\26b4.tmp\launch.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\68b1.tmp\apagar windows.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\b897.tmp\desoculta.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\bb94.tmp\enviadat.bat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\d9fd.tmp\controle.bat Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 장틦᛺ǜ RegNtPreCreateKey
Show More
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 몽왉ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
  • WriteConsole
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
Show More
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • UNKNOWN
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFlush
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable
  • win32u.dll!NtGdiHfontCreate
  • win32u.dll!NtGdiIntersectClipRect
  • win32u.dll!NtGdiPatBlt
  • win32u.dll!NtGdiPolyPatBlt
  • win32u.dll!NtGdiPolyTextOutW
  • win32u.dll!NtGdiQueryFontAssocInfo

69 additional items are not displayed above.

Anti Debug
  • IsDebuggerPresent
User Data Access
  • GetUserObjectInformation
Process Terminate
  • TerminateProcess
Other Suspicious
  • SetWindowsHookEx
Keyboard Access
  • GetKeyState
Process Manipulation Evasion
  • NtUnmapViewOfSection

Shell Command Execution

open \68B1.tmp\Apagar Windows.bat
WriteConsole:
WriteConsole:
C:\WINDOWS\system32\shutdown.exe shutdown -s -t 0
WriteConsole: Access is denied
Show More
open \26B4.tmp\Launch.bat
WriteConsole: The system canno
WriteConsole: 'DeSmuME.exe' is
"\B897.tmp\Desoculta.bat"
"\D9FD.tmp\controle.bat"
C:\WINDOWS\system32\mode.com MODE con cols=80 lines=25
C:\WINDOWS\system32\net.exe NET session
open \BB94.tmp\ENVIADAT.bat
WriteConsole: GOTO was unexpec

Trending

Most Viewed

Loading...